Same problem here, but it only occurs in my WordPress blogs. I removed all eval code from the PHP files and there is no malicious code in the .htaccess file. However, Google is still redirecting to a scam URL 24 hours after the cleanup. What can it be? Some kind of attack related to DNS? Does anybody know how to fix it?

Hi there, thank you very much for your help. I ran the script and I found more places where the malicious eval code was inserted. My first replace didn't see some of the places. I asked the hosting company to remove all the code from all PHP files as root and that fixed the problem immediately.